I have been troubleshooting this for over a week now and I am nearly in tears. I am simply trying to facilitate a DMZ (which is set up) that will allow for...

1. Access to a staging server so that our clients can get to our beta version of a web app, and allow us to get to it inside our LAN, by the URL and not the internal IP that has (or now maybe had)
I know DNS here is the issue, but I am certain it is in the PIX and not my DNS servers' settings, but I could be wrong.

>access-list inside_access_in extended permit ip any any
>access-group inside_access_in in interface inside
This ACL is redundant to the default allow all and should be removed from the inside interface. Only apply an ACL to the inside interface to restrict traffic outbound.

> and allow us to get to inside our LAN, by the url and not the internal IP that has
This is the hard part. The ONLY way you can access internal hosts by their public URL that resolves to their public IP address is through DNS re-write. This means that the DNS server the clients use lives outside the firewall, and the firewall intercepts the DNS responses and re-writes them to actually give the client the real private IP address. Since your DNS servers live inside the firewall, you must have an internal-only DNS server that resolves the URL to the private IP address, and a public DNS server that resolves the URL to the public IP addresses.
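A small model of the DNS re-write behaviour described in the answer above, added here as an illustration (it is not from the thread and is not PIX code). The hostname and the two addresses are the ones quoted later in this thread; the NAT table, the zone contents and all function names are assumptions.

```python
import ipaddress

# Constructed data: the hostname and the two addresses are the ones quoted
# later in this thread; the table layout and zone contents are assumptions.
STATIC_NAT = {"67.103.180.198": "192.168.2.42"}  # public (mapped) -> private (real)
PUBLIC_ZONE = {"demo.dmsva.com": ["67.103.180.198"]}
INTERNAL_ZONE = {"demo.dmsva.com": ["192.168.2.42"]}


def firewall_rewrite(a_records, nat=STATIC_NAT):
    """Swap any A record that matches a static translation for the private address."""
    return [nat.get(ip, ip) for ip in a_records]


def resolve(name, client_side, dns_side, zone, nat=STATIC_NAT):
    """Return the addresses a client receives for `name`.

    The firewall only sees, and so only rewrites, a reply that travels from a
    DNS server outside to a client inside. A reply from an inside DNS server
    to an inside client never crosses it and arrives unchanged.
    """
    answer = list(zone.get(name, []))
    if client_side == "inside" and dns_side == "outside":
        answer = firewall_rewrite(answer, nat)
    return answer


def usable_from_inside(addresses):
    """Per the thread, inside clients can only reach the host by its private address."""
    return bool(addresses) and all(
        ipaddress.ip_address(a).is_private for a in addresses
    )


def scenarios(name="demo.dmsva.com"):
    """Walk the cases from the answer and report what an inside client gets."""
    cases = {
        "outside DNS, re-write on": resolve(name, "inside", "outside", PUBLIC_ZONE),
        "inside DNS, public record only": resolve(name, "inside", "inside", PUBLIC_ZONE),
        "inside DNS, internal-only zone": resolve(name, "inside", "inside", INTERNAL_ZONE),
    }
    return {label: (ips, usable_from_inside(ips)) for label, ips in cases.items()}


if __name__ == "__main__":
    for label, (ips, ok) in scenarios().items():
        print(f"{label:32} -> {ips} usable from inside: {ok}")
```

The middle case is the one the answer warns about: with the DNS server inside the firewall, the reply is never rewritten, so the internal-only zone is what makes the URL work from the LAN.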

Thank you very much! Everything you explained makes total sense. I will apply it all on Monday. I will go ahead and accept your response as the solution, and try and contact you if anything fails to work.

One other requirement I didn't mention because I didn't know it was an issue is web access to host IN the DMZ. I can't seem to configure the proper rule to achieve this. Each time I set up what I think is right, it stops web access to the LAN? I would be grateful for help with this; everything else you suggested worked.

Does this server have the proper default gateway assigned?
Are you trying to access this server by Public IP from OUTside the network? - If all above conditions check out, then you should be able to.
Are you trying to access this server by Public IP from INside the network? - you can't and this is a design feature of the PIX.

Can you post your current running config, and the exact commands that you try to enter when it stops web access to the LAN?

When I am logged into the server I cannot browse the web or ping any external host (i.e. 4.2.2.2) as I can from my LAN. I need to have access to the web from the server. If you could, please check this link to see if you can reach it: http://demo.dmsva.com/prisms/login.cfm
As of last week we could get to this from OUTside our LAN. Prior to that, and I am not sure why or who changed it, only one of two NICs in the host was enabled, and its IP address was set with the public IP 67.103.180.198, which resolved to the link I asked you to check. It makes sense to me that you would not be able to reach it, because the domain name in the URL in question is set to the public IP, 67.103.180.198.
I support a bunch of developers that have never had a LAN Admin, and they all still have free access to the servers for now. I can get to the URL internally now because the IP in use on the only enabled NIC is the private address 192.168.2.42. I posted the config, and I did apply all your suggestions.
The IP setting on the host in question (which I guess is wrong) is...
IP - 192.168.2.42
SM - 255.255.255.0
DG - 192.168.2.1

Two things....

1. "global (DMZ) 1 interface" still shows up in the config, though I removed it by entering "no" in front of this command. Is there anything else I need to do to get rid of it? When I run "no global (DMZ) 1 interface" it gives an ERROR stating that it doesn't exist.

2. Is there anything wrong with having multi-homed machines in the DMZ, one NIC having the public and the other having a private IP? I was informed that this can cause a loop, but in past experience I have seen boxes in a DMZ set up this way. Basically my question really is, what IP address has to be on the one NIC in a host located in the DMZ if it only has one NIC, or are two NICs needed, one with the public and the other with the private IP address?

>Is there anything wrong with having multi-homed machines in the DMZ,
Yes, it defeats the whole purpose of having a DMZ - that is to have an actual firewall between the DMZ machines and the internal network. When dual-homed, if any DMZ machine is compromised, so is your entire internal network.
My advice - don't do it.
